CVE-2019-9659 | Heavy damage | 9.1 | Very easy to exploit
Published: Mon Mar 11 15:29:00 2019 UTC. Last Modified: Wed Jul 21 11:39:00 2021 UTC
CPE matches: cpe:2.3:o:chuango:b11_dual-network_alarm_system_firmware:-:*:*:*:*:*:*:*
Description
The Chuango 433 MHz burglar-alarm product line uses static codes in the RF remote control, allowing an attacker to arm, disarm, or trigger the alarm remotely via replay attacks, as demonstrated by Chuango-branded products and by non-Chuango-branded products such as the Eminent EM8617 OV2 Wifi Alarm System.
Damage
- Complete loss of protection.
- Full denial of service (DoS).
Attack conditions
- The attack can be carried out remotely over the network by anyone; no authentication is required.
- No user interaction is required.
- Once attempted, the attack is estimated to have a high success rate.
Damage and attack conditions obtained from CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H (CVSSv3)
Type of bug(s)
- CWE-20, Improper Input Validation: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.